Locating OpenVAS Plugins Before Writing New Ones

I was developing plugins for OpenVAS when I noticed that in some situations I was "reinventing the wheel".

So I started going through the example plugins that ship with OpenVAS via the OpenVAS NVT Feed, one plugin at a time, but doing that by hand is tiring:

http://www.openvas.org/openvas-nvt-feed.html

More than 33k plugins, as of the time this article was written!

http://www.openvas.org/openvas-nvt-feed-current.tar.bz2

Just extract the archive into any folder and then run this command:

find <plugin path> | xargs grep -s -a -i <search expression>

Since I was looking for plugins that mention SSH connections, I did this:

find /home/firebits/openvas-plugins/ | xargs grep -s -a -i ssh

We could redirect the output to a TXT file to use as a reference later:

find /home/firebits/openvas-plugins/ | xargs grep -s -a -i ssh >> txt-ssh-openvas.txt

Or copy them to another folder; but since many plugins depend on one another in order to run, I recommend copying rather than moving them.
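As an added example (not from the original post), the search above can be turned into a small report that lists, for every plugin matching the keyword, its script_oid and script_name rather than raw grep lines; it only scans .nasl/.inc files and survives paths with spaces. The sample plugin tree it builds, including the OIDs and names, is constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: search an NVT tree for a keyword
# and list each matching plugin's script_oid and script_name instead of raw
# grep lines. Only .nasl/.inc files are scanned, and -print0/-0 keep paths
# with spaces intact (a bare `find | xargs grep` splits them).
# Usage: nvt_search <plugin dir> <pattern>
nvt_search() {
    dir=$1; pattern=$2
    find "$dir" -type f \( -name '*.nasl' -o -name '*.inc' \) -print0 \
      | xargs -0 grep -l -s -a -i -- "$pattern" \
      | sort \
      | while IFS= read -r f; do
            # script_oid()/script_name() are the NASL metadata calls; take the
            # first occurrence and keep only the quoted argument
            oid=$(grep -m1 -a -o 'script_oid("[^"]*")' "$f" | sed 's/.*("\(.*\)")/\1/')
            name=$(grep -m1 -a -o 'script_name("[^"]*")' "$f" | sed 's/.*("\(.*\)")/\1/')
            printf '%s\t%s\t%s\n' "${oid:--}" "${name:--}" "$f"
        done
}

# Constructed stand-in for a feed checkout; the OIDs and names are made up
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/gb dir"
    cat > "$d/ssh_detect.nasl" <<'EOF'
script_oid("1.3.6.1.4.1.25623.1.0.900001");
script_name("SSH Server Detection (sample)");
port = get_kb_item("Services/ssh");
EOF
    cat > "$d/gb dir/ssh_lib.inc" <<'EOF'
# helper functions for SSH connections (no script_oid in an .inc file)
function ssh_login_or_die() { }
EOF
    cat > "$d/http_detect.nasl" <<'EOF'
script_oid("1.3.6.1.4.1.25623.1.0.900002");
script_name("HTTP Server Detection (sample)");
EOF
    printf '%s\n' "$d"
}

# Run as `sh nvt_search.sh demo` to see the report on the sample tree
if [ "${1:-}" = "demo" ]; then
    tree=$(make_sample_tree)
    nvt_search "$tree" ssh
    rm -rf "$tree"
fi
```

Point nvt_search at the real feed checkout (the post's /home/firebits/openvas-plugins/) to get the same tab-separated report for the actual NVT collection.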

@firebitsbr

 

Compiling and Installing – OpenVAS6 packages + Debian 7

In this post I will show how to do an installation from scratch, not from svn but from the release packages.

First, though, you need to finish installing Debian 7 and add a few packages required to compile and run OpenVAS 6.

$ sudo apt-get install nsis alien rpm texlive-latex-extra libqt4-dev g++ libmicrohttpd-dev libxml2-dev libxslt1-dev libxml2-dev libsqlite3-dev doxygen sqlfairy xmltoman sqlite3 gcc make cmake pkg-config libssh-dev gnutls-dev libglib2.0-dev libpcap-dev libgpgme11-dev uuid-dev bison libmicrohttpd5 -y

Next, we download the OpenVAS 6 packages.

$ wget http://wald.intevation.org/frs/download.php/1159/openvas-libraries-5.0.3.tar.gz
$ wget http://wald.intevation.org/frs/download.php/1092/openvas-scanner-3.3.1.tar.gz
$ wget http://wald.intevation.org/frs/download.php/1112/openvas-manager-4.0+beta3.tar.gz
$ wget http://wald.intevation.org/frs/download.php/1140/openvas-administrator-1.2.1.tar.gz
$ wget http://wald.intevation.org/frs/download.php/1116/greenbone-security-assistant-4.0+beta3.tar.gz
$ wget http://wald.intevation.org/frs/download.php/1084/gsd-1.2.2.tar.gz
$ wget http://wald.intevation.org/frs/download.php/1131/openvas-cli-1.1.5.tar.gz

And then build them in this order:

1 openvas-libraries
2 openvas-scanner
3 openvas-manager
4 openvas-administrator
5 gsad (greenbone-security-assistant)
6 gsd (greenbone-security-desktop)
7 openvas-cli

1 openvas-libraries

# tar xzvf openvas-libraries-5.0.3.tar.gz
# cd openvas-libraries-5.0.3/
# cmake .
-- Configuring the Libraries...
-- Install prefix: /usr/local
-- checking for module 'wmiclient>=1.3.14'
-- package 'wmiclient>=1.3.14' not found
-- checking for module 'libssh>=0.4.5'
-- package 'libssh>=0.4.5' not found
-- Looking for pcap...
-- Looking for pcap... /usr/lib/libpcap.so
-- Looking for gpgme...
-- Looking for gpgme... /usr/lib/libgpgme.so
-- Looking for libldap...
-- No ldap library found - ldap support disabled
-- Did not find libssh via pkg-config, trying alternative approach ...
-- Found libssh 0.4.5.
-- Looking for uuid...
-- Looking for uuid... /usr/lib/libuuid.so
-- Found Doxygen: /usr/bin/doxygen
-- Configuring done
-- Generating done
-- Build files have been written to: /home/test/openvas/openvas-libraries-5.0.3

# make install
# cd ..

2 openvas-scanner

# tar xzvf openvas-scanner-3.3.1.tar.gz
# cd openvas-scanner-3.3.1/
# cmake .

-- Configuring the Scanner...
-- Install prefix: /usr/local
-- Looking for pcap...
-- Looking for pcap... /usr/lib/libpcap.so
-- Looking for gpgme...
-- Looking for gpgme... /usr/lib/libgpgme.so
-- Found Doxygen: /usr/bin/doxygen
-- Configuring done
-- Generating done
-- Build files have been written to: /home/test/openvas/openvas-scanner-3.3.1
# make
# make install
# cd ..

3 openvas-manager

# tar xzvf openvas-manager-4.0+beta3.tar.gz
# cd openvas-manager-4.0+beta3/
# cmake .
-- Configuring the Manager...
-- Install prefix: /usr/local
-- Looking for pcap...
-- Looking for pcap... /usr/lib/libpcap.so
-- Looking for gpgme...
-- Looking for gpgme... /usr/lib/libgpgme.so
-- Looking for xmltoman...
-- Looking for xmltoman... /usr/bin/xmltoman
-- Looking for xmlmantohtml... /usr/bin/xmlmantohtml
-- Looking for SQLFairy...
-- Looking for SQLFairy... /usr/bin/sqlt-diagram, /usr/bin/sqlt
-- Configuring done
-- Generating done
-- Build files have been written to: /home/test/openvas/openvas-manager-4.0+beta3

# make
# make install
# cd ..

4 openvas-administrator

# tar xzvf openvas-administrator-1.2.1.tar.gz
# cd openvas-administrator-1.2.1/
# cmake .
-- Configuring the OpenVAS Administrator...
-- Install prefix: /usr/local
-- Looking for pcap...
-- Looking for pcap... /usr/lib/libpcap.so
-- Looking for gpgme...
-- Looking for gpgme... /usr/lib/libgpgme.so
-- Looking for xmltoman...
-- Looking for xmltoman... /usr/bin/xmltoman
-- Looking for xmlmantohtml... /usr/bin/xmlmantohtml
-- Configuring done
-- Generating done
-- Build files have been written to: /home/test/openvas/openvas-administrator-1.2.1

# make
# make install
# cd ..

5 gsad (greenbone-security-assistant)

# tar xzvf greenbone-security-assistant-4.0+beta3.tar.gz
# cd greenbone-security-assistant-4.0+beta3/
# cmake .
-- Configuring greenbone-security-assistant...
-- Looking for pkg-config... /usr/bin/pkg-config
-- Install prefix: /usr/local
-- External XSL transformations, with xsltproc.
-- Looking for xmltoman...
-- Looking for xmltoman... /usr/bin/xmltoman
-- Looking for xmlmantohtml... /usr/bin/xmlmantohtml
-- Configuring done
-- Generating done
-- Build files have been written to: /home/test/openvas/greenbone-security-assistant-4.0+beta3

# make
# make install
# cd ..

6 gsd (greenbone-security-desktop)

# tar xzvf gsd-1.2.2.tar.gz
# cd gsd-1.2.2
# cmake .
-- Configuring gsd ...
-- Install prefix: /usr/local
-- Looking for xmltoman...
-- Looking for xmltoman... /usr/bin/xmltoman
-- Looking for xmlmantohtml... /usr/bin/xmlmantohtml
-- Configuring done
-- Generating done
-- Build files have been written to: /home/test/openvas/gsd-1.2.2
# make
# make install
# cd ..

7 openvas-cli

# tar xzvf openvas-cli-1.1.5.tar.gz
# cd openvas-cli-1.1.5
# cmake .
-- Configuring openvas-cli ...
-- Install prefix: /usr/local
-- Looking for xmltoman...
-- Looking for xmltoman... /usr/bin/xmltoman
-- Looking for xmlmantohtml... /usr/bin/xmlmantohtml
-- Configuring done
-- Generating done
-- Build files have been written to: /home/test/openvas/openvas-cli-1.1.5
# make
# make install
# cd ..

Once the installation is complete, we configure OpenVAS 6, starting by updating the database with all the vulnerability tests and plugins (NVTs):

# openvas-nvt-sync

[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
[i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.
[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'.
[i] NVT dir: /usr/local/var/lib/openvas/plugins
[i] Will use rsync
[i] Using rsync: /usr/bin/rsync
[i] Configured NVT rsync feed: rsync://feed.openvas.org:/nvt-feed
OpenVAS feed server – http://openvas.org/
This service is hosted by Intevation GmbH – http://intevation.de/
All transactions are logged.
Please report problems to admin@intevation.de
receiving incremental file list
[…]

Let's create a user with administrator privileges (for OpenVAS, not for the OS):

# openvasad -c 'add_user' -n admin --role=Admin
Enter password: <type a strong password here>

Since OpenVAS protects the communication between the scanner and the client with SSL, you must generate the certificates with the openvas-mkcert script, which creates a certificate authority (if one is not already there) and the scanner-side certificate. By default it sets up a CA with German defaults and information from the OpenVAS project and Greenbone (one of the companies offering paid professional services around OpenVAS, which also contributes source code and plugins to the open source community).

# openvas-mkcert
/usr/local/var/lib/openvas/private/CA created
/usr/local/var/lib/openvas/CA created

-------------------------------------------------------------------------------
Creation of the OpenVAS SSL Certificate
-------------------------------------------------------------------------------

This script will now ask you the relevant information to create the SSL certificate of OpenVAS.
Note that this information will *NOT* be sent to anybody (everything stays local), but anyone with the ability to connect to your OpenVAS daemon will be able to retrieve this information.

CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [DE]:
Your state or province name [none]:
Your location (e.g. town) [Berlin]:
Your organization [OpenVAS Users United]:

-------------------------------------------------------------------------------
Creation of the OpenVAS SSL Certificate
-------------------------------------------------------------------------------

Congratulations. Your server certificate was properly created.

The following files were created:

. Certification authority:
Certificate = /usr/local/var/lib/openvas/CA/cacert.pem
Private key = /usr/local/var/lib/openvas/private/CA/cakey.pem

. OpenVAS Server :
Certificate = /usr/local/var/lib/openvas/CA/servercert.pem
Private key = /usr/local/var/lib/openvas/private/CA/serverkey.pem

Press [ENTER] to exit

Now let's generate the client-side certificate, signed by the CA created above (note that the script generates a 1024-bit RSA key, which is below today's 2048-bit minimum):

# openvas-mkcert-client -n om -i
Generating RSA private key, 1024 bit long modulus
.................++++++
.......++++++
e is 65537 (0x10001)

[…]
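Added example, not from the original post: a check on what openvas-mkcert and openvas-mkcert-client just wrote, verifying that servercert.pem and clientcert.pem chain to cacert.pem and still have enough lifetime left (the server cert defaults to 365 days). It assumes openssl is installed and uses the CA directory shown in the output above.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity-check the certificates
# openvas-mkcert and openvas-mkcert-client wrote. A server or client cert that
# does not chain to cacert.pem, or that has run past the 365-day default
# lifetime, breaks the TLS connection between manager and scanner with little
# hint as to why, so it is worth checking before (and periodically after) go-live.
# Paths default to the CA directory shown in the post; openssl must be installed.
# Usage: check_openvas_certs [CA dir] [days of remaining validity required]

# Returns 0 when CERT is issued by CA and stays valid for at least DAYS more
cert_ok() {
    ca=$1; cert=$2; days=$3
    [ -r "$ca" ] && [ -r "$cert" ] || { echo "missing $ca or $cert" >&2; return 1; }
    # chain check: the cert must verify against the CA certificate alone
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
        || { echo "$cert: does not verify against $ca" >&2; return 1; }
    # expiry check: -checkend takes seconds and exits 1 if the cert expires within them
    openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null \
        || { echo "$cert: expires within $days days" >&2; return 1; }
}

check_openvas_certs() {
    cadir=${1:-/usr/local/var/lib/openvas/CA}
    days=${2:-30}
    rc=0
    # servercert.pem comes from openvas-mkcert, clientcert.pem from openvas-mkcert-client
    for c in servercert.pem clientcert.pem; do
        if cert_ok "$cadir/cacert.pem" "$cadir/$c" "$days"; then
            echo "OK: $c verifies against cacert.pem and is valid for more than $days days"
        else
            rc=1
        fi
    done
    return $rc
}
```

Run check_openvas_certs with no arguments on the freshly installed host; a non-zero exit with the printed reason is what you would otherwise discover only as a failed manager-to-scanner connection.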

Let's start the scanner; it may take a few minutes to load all the vulnerability plugins (NVTs).

# openvassd

Once the plugins have finished loading, we need to rebuild the database with openvas-manager, using the following commands:

# touch /usr/local/var/lib/openvas/mgr/tasks.db
# openvasmd --backup
# openvasmd --rebuild

OpenVAS 6 uses nmap 5.51:

# wget http://nmap.org/dist/nmap-5.51.6.tgz
# tar xzvf nmap-5.51.6.tgz
# cd nmap-5.51.6
# ./configure
# make
# make install

We need to check that the nmap version is the right one:

# nmap -V
Nmap version 5.51.6 ( http://nmap.org )

Now, let's start OpenVAS in Administrator mode:

# openvasad

And then start OpenVAS in Manager mode:

# openvasmd

We also start GSA (greenbone-security-assistant) to administer our OpenVAS 6 installation (--http-only serves the web interface over plain HTTP and --listen=0.0.0.0 binds every interface, which is fine for a lab but should be replaced by HTTPS and a restricted listen address on anything reachable from a network):

# gsad --http-only --listen=0.0.0.0 -p 9392

Let's check that everything was installed correctly, using the openvas-check-setup script:

# chmod 755 openvas-check-setup
# ./openvas-check-setup --v6

[…]
Step 1: Checking OpenVAS Scanner …
OK: OpenVAS Scanner is present in version 3.3.1.
OK: OpenVAS Scanner CA Certificate is present as /usr/local/var/lib/openvas/CA/cacert.pem.
OK: NVT collection in /usr/local/var/lib/openvas/plugins contains 28194 NVTs.
WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
Step 2: Checking OpenVAS Manager …
OK: OpenVAS Manager is present in version 4.0+beta3.
OK: OpenVAS Manager client certificate is present as /usr/local/var/lib/openvas/CA/clientcert.pem.
OK: OpenVAS Manager database found in /usr/local/var/lib/openvas/mgr/tasks.db.
OK: Access rights for the OpenVAS Manager database are correct.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
OK: OpenVAS Manager database is at revision 58.
OK: OpenVAS Manager expects database at revision 58.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 28194 NVTs.
OK: xsltproc found.
Step 3: Checking OpenVAS Administrator …
OK: OpenVAS Administrator is present in version 1.2.1.
OK: At least one user exists.
OK: At least one admin user exists.
Step 4: Checking Greenbone Security Assistant (GSA) …
OK: Greenbone Security Assistant is present in version 4.0+beta3.
Step 5: Checking OpenVAS CLI …
OK: OpenVAS CLI version 1.1.5.
Step 6: Checking Greenbone Security Desktop (GSD) …
OK: Greenbone Security Desktop is present in Version 1.2.2.
Step 7: Checking if OpenVAS services are up and running …
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening on all interfaces.
OK: OpenVAS Scanner is listening on port 9391, which is the default port.
OK: OpenVAS Manager is running and listening on all interfaces.
OK: OpenVAS Manager is listening on port 9390, which is the default port.
OK: OpenVAS Administrator is running and listening on all interfaces.
OK: OpenVAS Administrator is listening on port 9393, which is the default port.
OK: Greenbone Security Assistant is running and listening on all interfaces.
OK: Greenbone Security Assistant is listening on port 9392, which is the default port.
Step 8: Checking nmap installation …
OK: nmap is present in version 5.51.6.
Step 9: Checking presence of optional tools …
OK: pdflatex found.
OK: PDF generation successful. The PDF report format is likely to work.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
OK: rpm found, LSC credential package generation for RPM based targets is likely to work.
OK: alien found, LSC credential package generation for DEB based targets is likely to work.
OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
[…]

Let's connect to port 9392 in a browser via the URL http://localhost:9392:

[Image: OpenVAS6 + Debian 7]

And finally, log in with the username and password created earlier in OpenVAS 6.

[Image: OpenVAS6 - gsad]

References:

http://www.openvas.org/
http://www.openvas.org/setup-and-start.html
http://www.debian.org/

Request to Join the OpenVAS Development Team

Wow… I'm thrilled!

Today my official request to join the OpenVAS development team was accepted. I have been playing with Nessus code since, I don't know, 2001 I think, or 2003, and kept at it after they closed the source (I don't even remember the date).
In 2008 I discovered OpenVAS 2, http://www.openvas.org/announcement-openvas-2.html, and liked it; in fact I found it much better than Nessus Community (GPL) at the time.

I remember the days when I gave talks about OpenVAS while espreto talked about Metasploit; well before that I was already into vulnerability analysis, and now this wonderful news!

[Image: OpenVAS]

Now, let's get developing!

I have some (quick and dirty) plugins here, https://github.com/firebitsbr/OpenVAS-Plugins-hardening, focused mostly on hardening (scanning only), but I am already coding several for WordPress, Drupal and Joomla that I will release to the community.

Thanks for everyone's support!

@firebitsbr